seems this just needs a config change? from the private bug: "This is due to the patch "[patch] integrity: Do not load MOK and MOKx when secure boot be disabled" was added to check if secureboot enabled for trusting the MOK key, https://lore.kernel.org/lkml/9b93e099fc6ee2a56d70ed338cd79f2c1ddcffa5.ca...@linux.ibm.com/T/
Unfortunately, the checking function, arch_ima_get_secureboot(), needs the config, CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y and it's dependency CONFIG_IMA_ARCH_POLICY " -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1969432 Title: 5.17 kernel won't load mok, so it refused to load dkms signed by mok To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1969432/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs